

Merge remote-tracking branch 'upstream/main' into BackendTrafficPolic…
…yConnection
zhaohuabing committed Aug 20, 2024
2 parents 293869f + 6ab6482 commit 0cdc360
Showing 356 changed files with 17,892 additions and 3,652 deletions.
59 changes: 22 additions & 37 deletions .github/dependabot.yml
Expand Up @@ -6,26 +6,24 @@
version: 2
updates:
- package-ecosystem: docker
directory: /tools/docker/envoy-gateway/
schedule:
interval: weekly
- package-ecosystem: docker
directory: /site
directories:
- /tools/docker/envoy-gateway/
- /site
schedule:
interval: weekly
- package-ecosystem: github-actions
directory: /
directories:
- /
- /tools/github-actions/setup-deps
schedule:
interval: weekly
ignore:
# skip to update retest, because it won't work with the latest version
- dependency-name: "envoyproxy/toolshed/gh-actions/retest"
- package-ecosystem: github-actions
directory: /tools/github-actions/setup-deps
schedule:
interval: weekly
- package-ecosystem: gomod
directory: /
directories:
- "/"
- "examples/extension-server"
schedule:
interval: weekly
groups:
Expand All @@ -35,35 +33,22 @@ updates:
go.opentelemetry.io:
patterns:
- "go.opentelemetry.io/*"
golang.org:
patterns:
- "golang.org/*"
- package-ecosystem: pip
directory: /tools/src/codespell
schedule:
interval: weekly
- package-ecosystem: gomod
directory: /tools/src/helm-docs
schedule:
interval: weekly
- package-ecosystem: gomod
directory: /tools/src/buf
directories:
- /tools/src/codespell
- /tools/src/sphinx-build
- /tools/src/yamllint
schedule:
interval: weekly
- package-ecosystem: gomod
directory: /tools/src/golangci-lint
schedule:
interval: weekly
- package-ecosystem: gomod
directory: /tools/src/kind
schedule:
interval: weekly
- package-ecosystem: gomod
directory: /tools/src/setup-envtest
schedule:
interval: weekly
- package-ecosystem: pip
directory: /tools/src/sphinx-build
schedule:
interval: weekly
- package-ecosystem: pip
directory: /tools/src/yamllint
directories:
- /tools/src/helm-docs
- /tools/src/buf
- /tools/src/golangci-lint
- /tools/src/kind
- /tools/src/setup-envtest
schedule:
interval: weekly
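Review bot: In the gomod entry, `"examples/extension-server"` is the only path in the new `directories` lists written without a leading slash; every other entry is root-relative (`"/"`, `/tools/src/kind`). Writing it as `- "/examples/extension-server"` keeps the file consistent and removes any doubt about whether Dependabot resolves that module, since a path that does not match would leave the module without update PRs and nothing would flag it. Which lines are old and which are new is inferred here, because the rendered page lost its `+`/`-` markers.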
6 changes: 3 additions & 3 deletions .github/workflows/codeql.yml
Expand Up @@ -36,14 +36,14 @@ jobs:
- uses: ./tools/github-actions/setup-deps

- name: Initialize CodeQL
uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
uses: github/codeql-action/init@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
with:
languages: ${{ matrix.language }}

- name: Autobuild
uses: github/codeql-action/autobuild@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
uses: github/codeql-action/autobuild@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
uses: github/codeql-action/analyze@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
with:
category: "/language:${{matrix.language}}"
2 changes: 1 addition & 1 deletion .github/workflows/license-scan.yml
Expand Up @@ -18,7 +18,7 @@ jobs:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Run scanner
uses: google/osv-scanner-action/osv-scanner-action@7ac94f9d40028db4cacf8d53adec6626f5d3d2f7 # v1.8.2
uses: google/osv-scanner-action/osv-scanner-action@c615bb556a9a61495d218c7d439e7c8abbbfb151 # v1.8.3
with:
scan-args: |-
--skip-git
4 changes: 2 additions & 2 deletions .github/workflows/osv-scanner.yml
Expand Up @@ -16,7 +16,7 @@ on:
jobs:
scan-scheduled:
if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@7ac94f9d40028db4cacf8d53adec6626f5d3d2f7" # v1.8.2
uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@c615bb556a9a61495d218c7d439e7c8abbbfb151" # v1.8.3
permissions:
actions: read
contents: read
Expand All @@ -32,7 +32,7 @@ jobs:
scan-pr:
if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@7ac94f9d40028db4cacf8d53adec6626f5d3d2f7" # v1.8.2
uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@c615bb556a9a61495d218c7d439e7c8abbbfb151" # v1.8.3
permissions:
actions: read
contents: read
2 changes: 1 addition & 1 deletion .github/workflows/scorecard.yml
Expand Up @@ -40,6 +40,6 @@ jobs:
retention-days: 5

- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
with:
sarif_file: results.sarif
27 changes: 10 additions & 17 deletions api/v1alpha1/accesslogging_types.go
Expand Up @@ -123,15 +123,13 @@ const (
// - `x-accesslog-attr` - JSON encoded key/value pairs when a JSON format is used.
//
// +kubebuilder:validation:XValidation:rule="self.type == 'HTTP' || !has(self.http)",message="The http field may only be set when type is HTTP."
// +kubebuilder:validation:XValidation:message="BackendRefs must be used, backendRef is not supported.",rule="!has(self.backendRef)"
// +kubebuilder:validation:XValidation:message="must have at least one backend in backendRefs",rule="has(self.backendRefs) && self.backendRefs.size() > 0"
// +kubebuilder:validation:XValidation:message="BackendRefs only supports Service kind.",rule="has(self.backendRefs) ? self.backendRefs.all(f, f.kind == 'Service') : true"
// +kubebuilder:validation:XValidation:message="BackendRefs only supports Core group.",rule="has(self.backendRefs) ? (self.backendRefs.all(f, f.group == \"\")) : true"
type ALSEnvoyProxyAccessLog struct {
// BackendRefs references a Kubernetes object that represents the gRPC service to which
// the access logs will be sent. Currently only Service is supported.
//
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:MaxItems=1
// +kubebuilder:validation:XValidation:message="BackendRefs only supports Service kind.",rule="self.all(f, f.kind == 'Service')"
// +kubebuilder:validation:XValidation:message="BackendRefs only supports Core group.",rule="self.all(f, f.group == '')"
BackendRefs []BackendRef `json:"backendRefs"`
BackendCluster `json:",inline"`

// LogName defines the friendly name of the access log to be returned in
// StreamAccessLogsMessage.Identifier. This allows the access log server
// to differentiate between different access logs coming from the same Envoy.
Expand Down Expand Up @@ -167,7 +165,11 @@ type FileEnvoyProxyAccessLog struct {
// OpenTelemetryEnvoyProxyAccessLog defines the OpenTelemetry access log sink.
//
// +kubebuilder:validation:XValidation:message="host or backendRefs needs to be set",rule="has(self.host) || self.backendRefs.size() > 0"
// +kubebuilder:validation:XValidation:message="BackendRefs must be used, backendRef is not supported.",rule="!has(self.backendRef)"
// +kubebuilder:validation:XValidation:message="BackendRefs only supports Service kind.",rule="has(self.backendRefs) ? self.backendRefs.all(f, f.kind == 'Service') : true"
// +kubebuilder:validation:XValidation:message="BackendRefs only supports Core group.",rule="has(self.backendRefs) ? (self.backendRefs.all(f, f.group == \"\")) : true"
type OpenTelemetryEnvoyProxyAccessLog struct {
BackendCluster `json:",inline"`
// Host define the extension service hostname.
// Deprecated: Use BackendRefs instead.
//
Expand All @@ -180,15 +182,6 @@ type OpenTelemetryEnvoyProxyAccessLog struct {
// +kubebuilder:validation:Minimum=0
// +kubebuilder:default=4317
Port int32 `json:"port,omitempty"`
// BackendRefs references a Kubernetes object that represents the
// backend server to which the access log will be sent.
// Only Service kind is supported for now.
//
// +optional
// +kubebuilder:validation:MaxItems=1
// +kubebuilder:validation:XValidation:message="only support Service kind.",rule="self.all(f, f.kind == 'Service')"
// +kubebuilder:validation:XValidation:message="BackendRefs only supports Core group.",rule="self.all(f, f.group == '')"
BackendRefs []BackendRef `json:"backendRefs,omitempty"`
// Resources is a set of labels that describe the source of a log entry, including envoy node info.
// It's recommended to follow [semantic conventions](https://opentelemetry.io/docs/reference/specification/resource/semantic_conventions/).
// +optional
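Review bot: The OpenTelemetry sink's rule `has(self.host) || self.backendRefs.size() > 0` reads `backendRefs` without a `has()` guard, while the neighbouring rules and the ALS rule `has(self.backendRefs) && self.backendRefs.size() > 0` all guard it. If `backendRefs` is optional in the inlined `BackendCluster` (its definition is not shown here), an object with neither host nor backendRefs would be rejected with a CEL evaluation error instead of the intended message; `rule="has(self.host) || (has(self.backendRefs) && self.backendRefs.size() > 0)"` avoids that. The field-level `MaxItems=1` markers also appear to go away with the old `BackendRefs` fields, so it is worth confirming that `BackendCluster` still bounds the list, or adding a `self.backendRefs.size() <= 1` rule to both sinks.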
72 changes: 39 additions & 33 deletions api/v1alpha1/backendtrafficpolicy_types.go
Expand Up @@ -45,14 +45,51 @@ type BackendTrafficPolicy struct {
// BackendTrafficPolicySpec defines the desired state of BackendTrafficPolicy.
type BackendTrafficPolicySpec struct {
PolicyTargetReferences `json:",inline"`
ClusterSettings `json:",inline"`

// RateLimit allows the user to limit the number of incoming requests
// to a predefined value based on attributes within the traffic flow.
// +optional
RateLimit *RateLimitSpec `json:"rateLimit,omitempty"`

// FaultInjection defines the fault injection policy to be applied. This configuration can be used to
// inject delays and abort requests to mimic failure scenarios such as service failures and overloads
// +optional
FaultInjection *FaultInjection `json:"faultInjection,omitempty"`

// Retry provides more advanced usage, allowing users to customize the number of retries, retry fallback strategy, and retry triggering conditions.
// If not set, retry will be disabled.
// +optional
Retry *Retry `json:"retry,omitempty"`

// UseClientProtocol configures Envoy to prefer sending requests to backends using
// the same HTTP protocol that the incoming request used. Defaults to false, which means
// that Envoy will use the protocol indicated by the attached BackendRef.
//
// +optional
UseClientProtocol *bool `json:"useClientProtocol,omitempty"`

// The compression config for the http streams.
//
// +optional
// +notImplementedHide
Compression []*Compression `json:"compression,omitempty"`
}

// +kubebuilder:object:root=true

// BackendTrafficPolicyList contains a list of BackendTrafficPolicy resources.
type BackendTrafficPolicyList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []BackendTrafficPolicy `json:"items"`
}

// ClusterSettings provides the various knobs that can be set to control how traffic to a given
// backend will be configured.
type ClusterSettings struct {
// LoadBalancer policy to apply when routing traffic from the gateway to
// the backend endpoints
// the backend endpoints. Defaults to `LeastRequest`.
// +optional
LoadBalancer *LoadBalancer `json:"loadBalancer,omitempty"`

Expand All @@ -71,44 +108,22 @@ type BackendTrafficPolicySpec struct {
// +optional
HealthCheck *HealthCheck `json:"healthCheck,omitempty"`

// FaultInjection defines the fault injection policy to be applied. This configuration can be used to
// inject delays and abort requests to mimic failure scenarios such as service failures and overloads
// +optional
FaultInjection *FaultInjection `json:"faultInjection,omitempty"`

// Circuit Breaker settings for the upstream connections and requests.
// If not set, circuit breakers will be enabled with the default thresholds
//
// +optional
CircuitBreaker *CircuitBreaker `json:"circuitBreaker,omitempty"`

// Retry provides more advanced usage, allowing users to customize the number of retries, retry fallback strategy, and retry triggering conditions.
// If not set, retry will be disabled.
// +optional
Retry *Retry `json:"retry,omitempty"`

// UseClientProtocol configures Envoy to prefer sending requests to backends using
// the same HTTP protocol that the incoming request used. Defaults to false, which means
// that Envoy will use the protocol indicated by the attached BackendRef.
//
// +optional
UseClientProtocol *bool `json:"useClientProtocol,omitempty"`

// Timeout settings for the backend connections.
//
// +optional
Timeout *Timeout `json:"timeout,omitempty"`

// The compression config for the http streams.
//
// +optional
// +notImplementedHide
Compression []*Compression `json:"compression,omitempty"`

// Connection includes backend connection settings.
//
// +optional
Connection *BackendConnection `json:"connection,omitempty"`

// DNS includes dns resolution settings.
//
// +optional
Expand All @@ -120,15 +135,6 @@ type BackendTrafficPolicySpec struct {
HTTP2 *HTTP2Settings `json:"http2,omitempty"`
}

// +kubebuilder:object:root=true

// BackendTrafficPolicyList contains a list of BackendTrafficPolicy resources.
type BackendTrafficPolicyList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []BackendTrafficPolicy `json:"items"`
}

func init() {
SchemeBuilder.Register(&BackendTrafficPolicy{}, &BackendTrafficPolicyList{})
}
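Review bot: `ClusterSettings` is exported and inlined into `BackendTrafficPolicySpec`, but its doc comment does not mention the compatibility consequence. The `json:",inline"` tag keeps the serialized shape, yet Go callers that build the spec with a composite literal such as `BackendTrafficPolicySpec{LoadBalancer: ...}` stop compiling, because promoted fields cannot be set that way. A line in the comment would help, for example `// ClusterSettings is inlined into BackendTrafficPolicySpec; its fields keep their JSON names.` This assumes the fields were moved as the rendered page suggests, since the old and new sides are not marked.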
7 changes: 7 additions & 0 deletions api/v1alpha1/clienttrafficpolicy_types.go
Expand Up @@ -7,6 +7,7 @@ package v1alpha1

import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
)

Expand Down Expand Up @@ -134,6 +135,12 @@ type HeaderSettings struct {
//
// +optional
PreserveXRequestID *bool `json:"preserveXRequestID,omitempty"`

// EarlyRequestHeaders defines settings for early request header modification, before envoy performs
// routing, tracing and built-in header manipulation.
//
// +optional
EarlyRequestHeaders *gwapiv1.HTTPHeaderFilter `json:"earlyRequestHeaders,omitempty"`
}

// WithUnderscoresAction configures the action to take when an HTTP header with underscores
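Review bot: The new `EarlyRequestHeaders` field carries only `+optional`, so nothing visible in this hunk limits which header names an `HTTPHeaderFilter` may set, add or remove before routing and before Envoy's built-in header handling. Since the other `HeaderSettings` fields govern headers such as the request ID, the doc comment should state how early modification interacts with them and whether pseudo-headers or `Host` are rejected. If those restrictions are enforced elsewhere (CRD validation on the Gateway API type, or the translator, neither shown here), a one-line pointer to that in the comment is enough. `HeaderSettings` starts outside the hunk.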
12 changes: 8 additions & 4 deletions api/v1alpha1/connection_types.go
Expand Up @@ -22,15 +22,17 @@ type ClientConnection struct {
// Note that when the suffix is not provided, the value is interpreted as bytes.
// Default: 32768 bytes.
//
// +kubebuilder:validation:XValidation:rule="type(self) == string ? self.matches(r\"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\") : type(self) == int",message="bufferLimit must be of the format \"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\""
// +kubebuilder:validation:XIntOrString
// +kubebuilder:validation:Pattern="^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
// +optional
BufferLimit *resource.Quantity `json:"bufferLimit,omitempty"`
// SocketBufferLimit provides configuration for the maximum buffer size in bytes for each incoming socket.
// SocketBufferLimit applies to socket streaming channel between TCP/IP stacks, it's in kernel space.
// For example, 20Mi, 1Gi, 256Ki etc.
// Note that when the suffix is not provided, the value is interpreted as bytes.
//
// +kubebuilder:validation:XValidation:rule="type(self) == string ? self.matches(r\"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\") : type(self) == int",message="socketBufferLimit must be of the format \"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\""
// +kubebuilder:validation:XIntOrString
// +kubebuilder:validation:Pattern="^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
// +optional
// +notImplementedHide
SocketBufferLimit *resource.Quantity `json:"socketBufferLimit,omitempty"`
Expand All @@ -44,7 +46,8 @@ type BackendConnection struct {
// For example, 20Mi, 1Gi, 256Ki etc.
// Note: that when the suffix is not provided, the value is interpreted as bytes.
//
// +kubebuilder:validation:XValidation:rule="type(self) == string ? self.matches(r\"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\") : type(self) == int",message="BufferLimit must be of the format \"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\""
// +kubebuilder:validation:XIntOrString
// +kubebuilder:validation:Pattern="^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
// +optional
BufferLimit *resource.Quantity `json:"bufferLimit,omitempty"`
// SocketBufferLimit provides configuration for the maximum buffer size in bytes for each socket
Expand All @@ -53,7 +56,8 @@ type BackendConnection struct {
// For example, 20Mi, 1Gi, 256Ki etc.
// Note that when the suffix is not provided, the value is interpreted as bytes.
//
// +kubebuilder:validation:XValidation:rule="type(self) == string ? self.matches(r\"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\") : type(self) == int",message="socketBufferLimit must be of the format \"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\""
// +kubebuilder:validation:XIntOrString
// +kubebuilder:validation:Pattern="^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
// +optional
// +notImplementedHide
SocketBufferLimit *resource.Quantity `json:"socketBufferLimit,omitempty"`
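Review bot: The `Pattern` marker that replaces the CEL rule constrains only string values of the `XIntOrString` field, so nothing visible here checks an integer value, and `0` or a negative number would pass schema validation. This applies to `bufferLimit` and `socketBufferLimit` in both `ClientConnection` and `BackendConnection`. The previous rule had the same gap (`type(self) == int`), so this is not a regression, but it is worth confirming that the translator rejects non-positive quantities and saying so in the comment, e.g. `// Integer values are taken as a byte count and must be positive.` The change also drops the custom `message`, so a rejected value will now be reported against the raw regular expression.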
7 changes: 6 additions & 1 deletion api/v1alpha1/envoypatchpolicy_types.go
Expand Up @@ -111,7 +111,12 @@ type JSONPatchOperation struct {
Op JSONPatchOperationType `json:"op"`
// Path is the location of the target document/field where the operation will be performed
// Refer to https://datatracker.ietf.org/doc/html/rfc6901 for more details.
Path string `json:"path"`
// +optional
Path *string `json:"path,omitempty"`
// JSONPath specifies the locations of the target document/field where the operation will be performed
// Refer to https://datatracker.ietf.org/doc/rfc9535/ for more details.
// +optional
JSONPath *string `json:"jsonPath,omitempty"`
// From is the source location of the value to be copied or moved. Only valid
// for move or copy operations
// Refer to https://datatracker.ietf.org/doc/html/rfc6901 for more details.
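Review bot: With `Path` now an optional `*string` and `JSONPath` added as optional, nothing visible in this hunk requires that a patch operation names a target at all. Unless a rule on `JSONPatchOperation` (its declaration starts outside the hunk) already covers this, add a struct-level marker such as `// +kubebuilder:validation:XValidation:rule="has(self.path) || has(self.jsonPath)",message="one of path or jsonPath must be set"`. The comments should also state how the two fields combine when both are given. Callers that dereference `Path` need a nil check after this type change.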